Teaming Gmail, Google Search Not Security Risk

Security experts say Google's new "Gmail in personal search results" service, which crawls through a person's inbox and presents results relevant to a regular web search, is not a risk to businesses.

Google started testing the feature Thursday, opening it up to only the first 1 million signees, a fraction of Gmail's 425 million accounts. People who join the pilot program would start seeing the Gmail results on the right-hand column of regular search results.

In some cases, answers from the inbox would be highlighted at the top of the page. For example, typing "my flights" in Google's search box would get flight information if an airline had forwarded a user's future itinerary to Gmail.

In general, Google is trying to add more personal information to search results. For example, if a person is searching for restaurants in San Francisco, then it might be helpful to also show that email a friend sent a long time ago, recommending a steakhouse in the city.

Security experts do not see the new feature opening up any new doors to attacks. Rather, some people may object to having their private email searched, and opt out for that reason. "It's not necessarily a big security risk, but it's kind of creepily invasive," Dan Olds, analyst for the Gabriel Consulting Group, said.

Another possibility from having one's inbox searched is more targeted ads from Google advertisers, Olds said. "I would hate to suddenly be bombarded with particular advertising messages or spam based on what I'm searching for."

Whether any of that would happen is only speculative. For now, people have to sign up to participate, and Gmail results will be presented in a collapsed format that requires people to open to see the details.

Google's motive is to continue expanding a person's search capabilities, the company says. "We think you shouldn't have to be your own mini-search engine to find the most useful information -- it should just work," Amit Singhal, a senior vice president for Google Search, said in a blog post. "A search is a search, and we want our results to be truly universal."

Jeremiah Grossman, chief technology officer for WhiteHat Security, said that mission of organizing as much of the world's information as possible and making it accessible is why businesses should always place strict controls on the use of Google services when it comes to corporate information.

"Any data stored in the cloud, which includes online services like Gmail, should be considered public," Grossman said in an email. "That's the rule. With the exception of paid-for services like Google Apps, users are not customers and can only expect a limited amount of security and privacy."